Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw

A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), the most popular email encryption standard. The new paper includes a proof-of-concept exploit that can allow an attacker to use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim. The proof of concept is only one implementation of this new type of attack, and variants may follow in the coming days.

TWITTER URGES USERS TO CHANGE PASSWORDS DUE TO GLITCH

Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling to change their passwords.

The social media company said that it found and has fixed the glitch, and its investigation shows no indication of a breach or misuse by anyone. While the company did not specify how many passwords were impacted, a Reuters report pegged the number at more than 330 million.

“I’d emphasize that this is not a leak and our investigation has shown no signs of misuse,” a Twitter spokesperson told Threatpost. “We’re sharing this information so everyone can make an informed decision on the security of their account.

Know what Instagram knows – here’s how you download your data

Instagram, the visual story-centric social media platform owned by Facebook, has now added a long-requested feature: the ability for users to download their data – including images, posts and comments.

Not to be cynical, but Instagram is not making this move out of the kindness of its heart: the compliance deadline for GDPR is in a month and data portability is one of its many requirements.